Jump to content

Recommended Posts

Cross Site Scripting:

There is Cross Site Scripting when you log in if your username contains '>code.

 

Insecure Cookie:

You shouldn't put the username in the cookie.

 

User Enumeration:

http://www.trenttompkins.com/~nobody

 

User Enumeration:

http://www.trenttompkins.com/~root

 

User Enumeration:

http://www.trenttompkins.com/~trenttom

Full Path Disclosure:

http://www.trenttompkins.com/cap/

Warning: imagecolorallocate(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 6

 

Warning: imagecolortransparent(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 7

 

Warning: imagecolorallocate(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 9

 

Warning: imagestring(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 15

 

Warning: Cannot modify header information - headers already sent by (output started at /home/trenttom/public_html/cap/index.php:6) in /home/trenttom/public_html/cap/index.php on line 217

 

Warning: Cannot modify header information - headers already sent by (output started at /home/trenttom/public_html/cap/index.php:6) in /home/trenttom/public_html/cap/index.php on line 231

 

Warning: imagepng(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 232

 

Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 237

 

Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 238

 

Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/trenttom/public_html/cap/index.php on line 239

 

Use wordwrap so long single line posts don't stretch your pages.

Because it gives people a clue when using SQL Injection, or people can just replicate a cookie with anyone's username in it and post as them.

 

If you want to use cookies, at least hash the username and use a personal salt. Oh, make sure the cookies are relative to the domain too.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.